<!DOCTYPE html>
<html lang="en" dir="ltr">
    <head><meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1'><meta name='description' content="# 准备 1 2 3 4 5 $ yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel $ yum install -y pkcs11-helper pkcs11-helper-devel # 确认 $ rpm -qa lzolzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel # 安装 openvpn 服务 1 2 3 4 5 6 7 8 9 10 # 下载，这里的版本可能有问题 $ wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz # 安装rpm-build软件,以提供rpmbuild命令 $ yum install rpm-build -y # 使用 rpmbuild 将源码包编译成rpm包来进行安装 ## 生成rpm /root/rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm $ rpmbuild -tb openvpn-2.">
<title>Centos7 安装 OpenVPN</title>

<link rel='canonical' href='http://laoxia.cc/p/centos7-%E5%AE%89%E8%A3%85-openvpn/'>

<link rel="stylesheet" href="/scss/style.min.8e60baf4cd3fc55968717a6e39762f4d28ed7ef6007566b6c7970ad0fe907198.css"><meta property='og:title' content="Centos7 安装 OpenVPN">
<meta property='og:description' content="# 准备 1 2 3 4 5 $ yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel $ yum install -y pkcs11-helper pkcs11-helper-devel # 确认 $ rpm -qa lzolzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel # 安装 openvpn 服务 1 2 3 4 5 6 7 8 9 10 # 下载，这里的版本可能有问题 $ wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz # 安装rpm-build软件,以提供rpmbuild命令 $ yum install rpm-build -y # 使用 rpmbuild 将源码包编译成rpm包来进行安装 ## 生成rpm /root/rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm $ rpmbuild -tb openvpn-2.">
<meta property='og:url' content='http://laoxia.cc/p/centos7-%E5%AE%89%E8%A3%85-openvpn/'>
<meta property='og:site_name' content='大国重器'>
<meta property='og:type' content='article'><meta property='article:section' content='Post' /><meta property='article:published_time' content='2018-11-13T20:32:52&#43;00:00'/><meta property='article:modified_time' content='2018-11-13T20:32:52&#43;00:00'/>
<meta name="twitter:title" content="Centos7 安装 OpenVPN">
<meta name="twitter:description" content="# 准备 1 2 3 4 5 $ yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel $ yum install -y pkcs11-helper pkcs11-helper-devel # 确认 $ rpm -qa lzolzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel # 安装 openvpn 服务 1 2 3 4 5 6 7 8 9 10 # 下载，这里的版本可能有问题 $ wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz # 安装rpm-build软件,以提供rpmbuild命令 $ yum install rpm-build -y # 使用 rpmbuild 将源码包编译成rpm包来进行安装 ## 生成rpm /root/rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm $ rpmbuild -tb openvpn-2.">
    <link rel="shortcut icon" href="/favicon.png" />

    </head>
    <body class="
    article-page
    ">
<div class="container main-container flex on-phone--column extended"><aside class="sidebar left-sidebar sticky ">
</aside>



            <main class="main full-width">
    <article class="main-article">
    <header class="article-header">

    <div class="article-details">
    
    <header class="article-category">
        
            <a href="/categories/openvpn/" >
                Openvpn
            </a>
        
            <a href="/categories/vpn/" >
                Vpn
            </a>
        
    </header>
    

    <div class="article-title-wrapper">
        <h2 class="article-title">
            <a href="/p/centos7-%E5%AE%89%E8%A3%85-openvpn/">Centos7 安装 OpenVPN</a>
        </h2>
    
        
    </div>

    
    
    
    
    <footer class="article-time">
        
            <div>
                <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-calendar-time" width="56" height="56" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <path d="M11.795 21h-6.795a2 2 0 0 1 -2 -2v-12a2 2 0 0 1 2 -2h12a2 2 0 0 1 2 2v4" />
  <circle cx="18" cy="18" r="4" />
  <path d="M15 3v4" />
  <path d="M7 3v4" />
  <path d="M3 11h16" />
  <path d="M18 16.496v1.504l1 1" />
</svg>
                <time class="article-time--published">Nov 13, 2018</time>
            </div>
        

        
            <div>
                <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-clock" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="12" cy="12" r="9" />
  <polyline points="12 7 12 12 15 15" />
</svg>



                <time class="article-time--reading">
                    3 minute read
                </time>
            </div>
        
    </footer>
    

    
</div>

</header>

    <section class="article-content">
    
    
    <h3 id="准备">
    <a href="#%e5%87%86%e5%a4%87">#</a>
    准备
</h3><div class="highlight"><div class="chroma">
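<table class="lntable"><tr><td class="lntd">
<pre tabindex="0" class="chroma"><code><span class="lnt">1
</span><span class="lnt">2
</span><span class="lnt">3
</span><span class="lnt">4
</span><span class="lnt">5
</span><span class="lnt">6
</span></code></pre></td>
<td class="lntd">
<pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Preparation: install the libraries and development headers before building OpenVPN</span>
</span></span><span class="line"><span class="cl">$ yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel
</span></span><span class="line"><span class="cl">$ yum install -y pkcs11-helper pkcs11-helper-devel
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Confirm: rpm -qa prints only the packages it finds, so a name missing from the output is not installed</span>
</span></span><span class="line"><span class="cl">$ rpm -qa lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
</span></span></code></pre></td></tr></table>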
</div>
</div><h3 id="安装-openvpn-服务">
    <a href="#%e5%ae%89%e8%a3%85-openvpn-%e6%9c%8d%e5%8a%a1">#</a>
    安装 openvpn 服务
</h3><div class="highlight"><div class="chroma">
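<table class="lntable"><tr><td class="lntd">
<pre tabindex="0" class="chroma"><code><span class="lnt"> 1
</span><span class="lnt"> 2
</span><span class="lnt"> 3
</span><span class="lnt"> 4
</span><span class="lnt"> 5
</span><span class="lnt"> 6
</span><span class="lnt"> 7
</span><span class="lnt"> 8
</span><span class="lnt"> 9
</span><span class="lnt">10
</span><span class="lnt">11
</span><span class="lnt">12
</span><span class="lnt">13
</span><span class="lnt">14
</span></code></pre></td>
<td class="lntd">
<pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Download the source tarball (author's note: the version used here may be problematic)</span>
</span></span><span class="line"><span class="cl"><span class="c1">## NOTE(review): OpenVPN 2.2.2 is a long-superseded release that no longer receives security fixes; prefer a currently maintained release where possible</span>
</span></span><span class="line"><span class="cl">$ wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz
</span></span><span class="line"><span class="cl"><span class="c1"># The tarball arrives over plain HTTP from a third-party mirror and is built and installed as root below</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Print its digest and compare it with a value obtained over a trusted channel (EXPECTED_SHA256_PLACEHOLDER) before continuing</span>
</span></span><span class="line"><span class="cl">$ sha256sum openvpn-2.2.2.tar.gz
</span></span><span class="line"><span class="cl"><span class="c1"># Install rpm-build, which provides the rpmbuild command</span>
</span></span><span class="line"><span class="cl">$ yum install rpm-build -y
</span></span><span class="line"><span class="cl"><span class="c1"># Use rpmbuild to compile the source tarball into an RPM package for installation</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Produces /root/rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm</span>
</span></span><span class="line"><span class="cl">$ rpmbuild -tb openvpn-2.2.2.tar.gz
</span></span><span class="line"><span class="cl"><span class="c1"># Install</span>
</span></span><span class="line"><span class="cl">$ <span class="nb">cd</span> /root/rpmbuild/RPMS/x86_64
</span></span><span class="line"><span class="cl">$ rpm -ivh openvpn-2.2.2-1.x86_64.rpm
</span></span></code></pre></td></tr></table>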
</div>
</div><h3 id="配置-openvpn-服务服务端">
    <a href="#%e9%85%8d%e7%bd%ae-openvpn-%e6%9c%8d%e5%8a%a1%e6%9c%8d%e5%8a%a1%e7%ab%af">#</a>
    配置 OpenVPN 服务（服务端）
</h3><div class="highlight"><div class="chroma">
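<table class="lntable"><tr><td class="lntd">
<pre tabindex="0" class="chroma"><code><span class="lnt"> 1
</span><span class="lnt"> 2
</span><span class="lnt"> 3
</span><span class="lnt"> 4
</span><span class="lnt"> 5
</span><span class="lnt"> 6
</span><span class="lnt"> 7
</span><span class="lnt"> 8
</span><span class="lnt"> 9
</span><span class="lnt">10
</span><span class="lnt">11
</span><span class="lnt">12
</span><span class="lnt">13
</span><span class="lnt">14
</span><span class="lnt">15
</span><span class="lnt">16
</span><span class="lnt">17
</span><span class="lnt">18
</span><span class="lnt">19
</span><span class="lnt">20
</span><span class="lnt">21
</span><span class="lnt">22
</span><span class="lnt">23
</span><span class="lnt">24
</span><span class="lnt">25
</span><span class="lnt">26
</span><span class="lnt">27
</span><span class="lnt">28
</span><span class="lnt">29
</span><span class="lnt">30
</span><span class="lnt">31
</span><span class="lnt">32
</span><span class="lnt">33
</span><span class="lnt">34
</span><span class="lnt">35
</span><span class="lnt">36
</span><span class="lnt">37
</span><span class="lnt">38
</span><span class="lnt">39
</span><span class="lnt">40
</span><span class="lnt">41
</span><span class="lnt">42
</span><span class="lnt">43
</span><span class="lnt">44
</span><span class="lnt">45
</span><span class="lnt">46
</span><span class="lnt">47
</span><span class="lnt">48
</span><span class="lnt">49
</span><span class="lnt">50
</span><span class="lnt">51
</span><span class="lnt">52
</span><span class="lnt">53
</span><span class="lnt">54
</span><span class="lnt">55
</span><span class="lnt">56
</span><span class="lnt">57
</span><span class="lnt">58
</span><span class="lnt">59
</span><span class="lnt">60
</span><span class="lnt">61
</span><span class="lnt">62
</span><span class="lnt">63
</span><span class="lnt">64
</span><span class="lnt">65
</span><span class="lnt">66
</span><span class="lnt">67
</span><span class="lnt">68
</span><span class="lnt">69
</span><span class="lnt">70
</span><span class="lnt">71
</span><span class="lnt">72
</span><span class="lnt">73
</span><span class="lnt">74
</span><span class="lnt">75
</span><span class="lnt">76
</span><span class="lnt">77
</span><span class="lnt">78
</span><span class="lnt">79
</span><span class="lnt">80
</span><span class="lnt">81
</span><span class="lnt">82
</span><span class="lnt">83
</span><span class="lnt">84
</span><span class="lnt">85
</span><span class="lnt">86
</span><span class="lnt">87
</span><span class="lnt">88
</span></code></pre></td>
<td class="lntd">
<pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># Initialise the PKI</span>
</span></span><span class="line"><span class="cl">$ <span class="nb">cd</span> /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Edit the certificate environment in vars (the KEY_COUNTRY ... KEY_EMAIL values do not affect how the certificates are used)</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_SIZE=2048 # easy-rsa 2.0 in this release defaults to 1024, which is too small for RSA keys and DH parameters</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_COUNTRY=&#34;CN&#34;</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_PROVINCE=&#34;BJ&#34;</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_CITY=&#34;BJ&#34;</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_ORG=&#34;aliyun&#34;</span>
</span></span><span class="line"><span class="cl"><span class="c1">## export KEY_EMAIL=cjxia@isoftston.com</span>
</span></span><span class="line"><span class="cl">$ vi vars
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Link the OpenSSL configuration, load vars, then clear out the keys directory</span>
</span></span><span class="line"><span class="cl"><span class="c1">## clean-all deletes every key under keys/, so run it only when creating a new PKI</span>
</span></span><span class="line"><span class="cl">$ ln -s openssl-1.0.0.cnf openssl.cnf
</span></span><span class="line"><span class="cl">$ <span class="nb">source</span> ./vars
</span></span><span class="line"><span class="cl">$ ./clean-all
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Generate the CA certificate and key</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Creates the keys directory under the current directory, containing the generated certificates</span>
</span></span><span class="line"><span class="cl"><span class="c1">## keys/ca.key is the CA private key; whoever holds it can issue certificates this VPN will accept, so restrict access to it</span>
</span></span><span class="line"><span class="cl">$ ./build-ca
</span></span><span class="line"><span class="cl"><span class="c1"># Generate the server certificate under a name of your choice; it is named server here</span>
</span></span><span class="line"><span class="cl"><span class="c1">## The default values can be used during generation</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Creates server.key server.crt server.csr in the keys directory</span>
</span></span><span class="line"><span class="cl">$ ./build-key-server server
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Create the client certificate; it is named client here</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Creates client.key client.crt client.csr in the keys directory</span>
</span></span><span class="line"><span class="cl"><span class="c1">## build-key writes client.key without a passphrase; easy-rsa 2.0 also ships build-key-pass, which prompts for one</span>
</span></span><span class="line"><span class="cl">$ ./build-key client
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Generate the Diffie-Hellman parameters</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Creates dh2048.pem in the keys directory (the file name follows KEY_SIZE); the server uses it for the TLS key exchange</span>
</span></span><span class="line"><span class="cl">$ ./build-dh
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Copy only the files the server needs; ca.key and client.key are not needed in /etc/openvpn</span>
</span></span><span class="line"><span class="cl">$ cp -a keys/ca.crt keys/server.crt keys/server.key keys/dh2048.pem /etc/openvpn/
</span></span><span class="line"><span class="cl"><span class="c1"># Copy the sample server configuration server.conf to /etc/openvpn</span>
</span></span><span class="line"><span class="cl">$ cp -a /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Configure /etc/openvpn/server.conf</span>
</span></span><span class="line"><span class="cl"><span class="c1">## local 0.0.0.0 # public IP; 0.0.0.0 can be used</span>
</span></span><span class="line"><span class="cl"><span class="c1">## port 1194</span>
</span></span><span class="line"><span class="cl"><span class="c1">## proto tcp # listening protocol</span>
</span></span><span class="line"><span class="cl"><span class="c1">## dev tun # routed tunnel mode</span>
</span></span><span class="line"><span class="cl"><span class="c1">## ca ca.crt</span>
</span></span><span class="line"><span class="cl"><span class="c1">## cert server.crt # the name chosen when the server certificate was generated</span>
</span></span><span class="line"><span class="cl"><span class="c1">## key server.key # the name chosen when the server certificate was generated; this is the server private key</span>
</span></span><span class="line"><span class="cl"><span class="c1">## dh dh2048.pem # key-exchange parameter file</span>
</span></span><span class="line"><span class="cl"><span class="c1">## server 10.8.0.0 255.255.255.0 # address pool assigned to clients; note: it must not overlap the VPN server's internal network</span>
</span></span><span class="line"><span class="cl"><span class="c1">## ifconfig-pool-persist ipp.txt</span>
</span></span><span class="line"><span class="cl"><span class="c1">## push &#34;redirect-gateway def1 bypass-dhcp&#34;</span>
</span></span><span class="line"><span class="cl"><span class="c1">## push &#34;dhcp-option DNS 8.8.8.8&#34; # DNS server handed to clients</span>
</span></span><span class="line"><span class="cl"><span class="c1">## client-to-client # let clients talk to each other; OpenVPN relays this traffic internally, so the server's iptables rules do not filter it; enable only if needed</span>
</span></span><span class="line"><span class="cl"><span class="c1">## keepalive 10 120 # ping every 10 seconds; the peer is considered down after 120 seconds without a reply</span>
</span></span><span class="line"><span class="cl"><span class="c1">## cipher AES-128-CBC</span>
</span></span><span class="line"><span class="cl"><span class="c1">## comp-lzo # compress tunnel traffic; compression can leak information about the encrypted data, so consider removing it on both server and client</span>
</span></span><span class="line"><span class="cl"><span class="c1">## user nobody</span>
</span></span><span class="line"><span class="cl"><span class="c1">## group nobody</span>
</span></span><span class="line"><span class="cl"><span class="c1">## persist-key</span>
</span></span><span class="line"><span class="cl"><span class="c1">## persist-tun</span>
</span></span><span class="line"><span class="cl"><span class="c1">## status /etc/openvpn/openvpn-status.log</span>
</span></span><span class="line"><span class="cl"><span class="c1">## log /etc/openvpn/openvpn.log</span>
</span></span><span class="line"><span class="cl"><span class="c1">## verb 3</span>
</span></span><span class="line"><span class="cl">$ <span class="nb">cd</span> /etc/openvpn
</span></span><span class="line"><span class="cl">$ vi server.conf
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Enable IP forwarding</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Set or add net.ipv4.ip_forward = 1</span>
</span></span><span class="line"><span class="cl">$ vi /etc/sysctl.conf
</span></span><span class="line"><span class="cl"><span class="c1"># Re-read the file so the kernel parameter takes effect</span>
</span></span><span class="line"><span class="cl">$ sysctl -p
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Set up NAT</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Rules added with the iptables command do not survive a reboot unless they are saved</span>
</span></span><span class="line"><span class="cl">$ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
</span></span><span class="line"><span class="cl">$ iptables -vnL -t nat
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Open port 1194</span>
</span></span><span class="line"><span class="cl"><span class="c1">## -A appends to the end of the chain, so these rules have no effect if an earlier rule already rejects the traffic; check the order with iptables -vnL</span>
</span></span><span class="line"><span class="cl">$ iptables -A INPUT -p tcp --dport <span class="m">1194</span> -j ACCEPT
</span></span><span class="line"><span class="cl">$ iptables -A OUTPUT -p tcp --sport <span class="m">1194</span> -j ACCEPT
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start the openvpn service</span>
</span></span><span class="line"><span class="cl">$ openvpn /etc/openvpn/server.conf <span class="p">&amp;</span>
</span></span><span class="line"><span class="cl"><span class="c1"># Check that it is listening</span>
</span></span><span class="line"><span class="cl">$ ss -nutl <span class="p">|</span> grep <span class="m">1194</span>
</span></span></code></pre></td></tr></table>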
</div>
</div><h3 id="配置-openvpn-服务客户端">
    <a href="#%e9%85%8d%e7%bd%ae-openvpn-%e6%9c%8d%e5%8a%a1%e5%ae%a2%e6%88%b7%e7%ab%af">#</a>
    配置 OpenVPN 服务（客户端）
</h3><div class="highlight"><div class="chroma">
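<table class="lntable"><tr><td class="lntd">
<pre tabindex="0" class="chroma"><code><span class="lnt"> 1
</span><span class="lnt"> 2
</span><span class="lnt"> 3
</span><span class="lnt"> 4
</span><span class="lnt"> 5
</span><span class="lnt"> 6
</span><span class="lnt"> 7
</span><span class="lnt"> 8
</span><span class="lnt"> 9
</span><span class="lnt">10
</span><span class="lnt">11
</span><span class="lnt">12
</span><span class="lnt">13
</span><span class="lnt">14
</span><span class="lnt">15
</span><span class="lnt">16
</span><span class="lnt">17
</span><span class="lnt">18
</span><span class="lnt">19
</span><span class="lnt">20
</span><span class="lnt">21
</span><span class="lnt">22
</span><span class="lnt">23
</span><span class="lnt">24
</span><span class="lnt">25
</span><span class="lnt">26
</span><span class="lnt">27
</span><span class="lnt">28
</span></code></pre></td>
<td class="lntd">
<pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="c1"># Download the OpenVPN client</span>
</span></span><span class="line"><span class="cl"><span class="c1">## NOTE(review): the links below are third-party download sites; prefer the OpenVPN project's own download page and verify the installer's signature or checksum before running it</span>
</span></span><span class="line"><span class="cl"><span class="c1">## windows https://openvpn-2-0-1-rc1.updatestar.com/description/2.4.3</span>
</span></span><span class="line"><span class="cl"><span class="c1">## mac ლ(＾ω＾ლ) ヾ(◍°∇°◍)ﾉﾞ</span>
</span></span><span class="line"><span class="cl"><span class="c1">## all versions https://www.techspot.com/downloads/5182-openvpn.html</span>
</span></span><span class="line"><span class="cl"><span class="c1"># Download ca.crt client.crt client.key, generated on the server under /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/keys, into the config folder of the local installation directory</span>
</span></span><span class="line"><span class="cl"><span class="c1">## client.key is a private key: transfer it over an encrypted channel such as scp or sftp, not plain HTTP, FTP or e-mail</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Copy sample-config/client.ovpn from the installation directory to the config directory</span>
</span></span><span class="line"><span class="cl"><span class="c1"># Edit config/client.ovpn</span>
</span></span><span class="line"><span class="cl"><span class="c1">## client</span>
</span></span><span class="line"><span class="cl"><span class="c1">## dev tun</span>
</span></span><span class="line"><span class="cl"><span class="c1">## proto tcp</span>
</span></span><span class="line"><span class="cl"><span class="c1">## remote 39.100.38.166 1194 # external IP and port of the OpenVPN server; an IP address or a domain name both work</span>
</span></span><span class="line"><span class="cl"><span class="c1">## resolv-retry infinite</span>
</span></span><span class="line"><span class="cl"><span class="c1">## nobind</span>
</span></span><span class="line"><span class="cl"><span class="c1">## persist-key</span>
</span></span><span class="line"><span class="cl"><span class="c1">## persist-tun</span>
</span></span><span class="line"><span class="cl"><span class="c1">## ca ca.crt</span>
</span></span><span class="line"><span class="cl"><span class="c1">## cert client.crt</span>
</span></span><span class="line"><span class="cl"><span class="c1">## key client.key</span>
</span></span><span class="line"><span class="cl"><span class="c1">## remote-cert-tls server # accept only a peer certificate issued for server use (as build-key-server produces); without a check like this, any certificate signed by the same CA would be accepted as the server</span>
</span></span><span class="line"><span class="cl"><span class="c1">## cipher AES-128-CBC</span>
</span></span><span class="line"><span class="cl"><span class="c1">## comp-lzo</span>
</span></span><span class="line"><span class="cl"><span class="c1">## verb 3</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start</span>
</span></span><span class="line"><span class="cl"><span class="c1">## Go to the bin folder of the installation directory and run openvpn-gui.exe as administrator</span>
</span></span></code></pre></td></tr></table>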
</div><hr>
<h3 id="openvpn-安装">
    <a href="#openvpn-%e5%ae%89%e8%a3%85">#</a>
    openvpn 安装
</h3><p><a class="link" href="http://www.luyixian.cn/news_show_38561.aspx"  target="_blank" rel="noopener"
    >参考一</a>
<a class="link" href="https://www.bbsmax.com/A/kPzOX038Jx/"  target="_blank" rel="noopener"
    >参考二</a></p>
<h3 id="工具参考">
    <a href="#%e5%b7%a5%e5%85%b7%e5%8f%82%e8%80%83">#</a>
    工具参考
</h3><p><a class="link" href="https://blog.csdn.net/qq_42303254/article/details/89035054"  target="_blank" rel="noopener"
    >rpmbuild</a>
<a class="link" href="https://blog.csdn.net/orangefly0214/article/details/81710972"  target="_blank" rel="noopener"
    >nohup</a></p>
<h3 id="问题参考">
    <a href="#%e9%97%ae%e9%a2%98%e5%8f%82%e8%80%83">#</a>
    问题参考
</h3><p><a class="link" href="https://blog.51cto.com/typ520/1744719"  target="_blank" rel="noopener"
    >TLS Error: TLS object -&gt; incoming plaintext read error</a></p>
<h3 id="说明">
    <a href="#%e8%af%b4%e6%98%8e">#</a>
    说明
</h3><ol>
<li>服务端版本为 2.2.2，客户端版本为 2.4.3，服务端和客户端的 cipher 需同时设置为 AES-128-CBC</li>
</ol>

</section>


    <footer class="article-footer">
    

    
    <section class="article-copyright">
        <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-copyright" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="12" cy="12" r="9" />
  <path d="M14.5 9a3.5 4 0 1 0 0 6" />
</svg>



        <span>Personal learning records. Please do not reprint.</span>
    </section>
    </footer>


    
</article>

    

    

     
    



    
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">

    

</div><script 
                src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.js"integrity="sha256-ePwmChbbvXbsO02lbM3HoHbSHTHFAeChekF1xKJdleo="crossorigin="anonymous"
                defer
                >
            </script><script 
                src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe-ui-default.min.js"integrity="sha256-UKkzOn/w1mBxRmLLGrSeyB4e1xbrp4xylgAWb3M42pU="crossorigin="anonymous"
                defer
                >
            </script><link 
                rel="stylesheet" 
                href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/default-skin/default-skin.min.css"crossorigin="anonymous"
            ><link 
                rel="stylesheet" 
                href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.css"crossorigin="anonymous"
            >

            </main>
        </div>
        <script 
                src="https://cdn.jsdelivr.net/npm/node-vibrant@3.1.6/dist/vibrant.min.js"integrity="sha256-awcR2jno4kI5X0zL8ex0vi2z&#43;KMkF24hUW8WePSA9HM="crossorigin="anonymous"
                
                >
            </script><script type="text/javascript" src="/ts/main.js" defer></script>

    </body>
</html>
